Create dependabot.yml

Update anchore-syft.yml
2 changed files with 13 additions and 2 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "docker" 
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
--- a/.github/workflows/anchore-syft.yml
+++ b/.github/workflows/anchore-syft.yml
@ -27,11 +27,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout the code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
    - name: Build the Docker image
      run: docker build . --file Dockerfile --tag localbuild/testimage:latest
    - name: Scan the image and upload dependency results
-      uses: anchore/sbom-action@bb716408e75840bbb01e839347cd213767269d4a
+      uses: anchore/sbom-action@v0
      with:
        image: "localbuild/testimage:latest"
        artifact-name: image.spdx.json
Author	SHA1	Message	Date
Michel Promonet	2198200366	Create dependabot.yml	4 weeks ago
Michel Promonet	636d57edb6	Update anchore-syft.yml	4 weeks ago